[ale] openssh and $DISPLAY
Joe Knapka
jknapka at earthlink.net
Sun Aug 13 03:04:19 EDT 2000
Robert,
It works for me, using OpenSSH 2.1.1. I had to:
* Set "ForwardX11 yes" in sshd_config on the server.
* killall -HUP sshd
* Ensure that my .profile on the server was not explicitly
setting the DISPLAY variable.
* Give the -X option to ssh on the client side, OR set
"ForwardX11 yes" in ssh_config (note: no "d") on the
client.
-- Joe
"Robert L. Harris" wrote:
>
> This does seem to work with openssh. I can alias this. Is there such
> an option for the config file? I have "ForwardX11 yes" in my config file,
> but it gives an error when I try to ssh then.
>
> Robert
>
> Thus spake joshy (joshy at mindspring.com):
>
> > I seem to recall using the -X option to turn it on. All of the X
> > connections are tunneled through ssh and the actual connection to the X
> > server is made from the local machine. This has the added benefit of
> > working transparently through firewalls. no special port configuration
> > required. I have a firewall at home and one at work. To get to my work
> > machine have to ssh to an outside machine at work, then ssh a second time
> > to my workstation. Since ssh does all of the tunneling for me I can get
> > two machines without public ips to find and talk to eachother. of course
> > my packets were being encrypted twice, but that's the price ya gotta pay
> > for such flexibility.
> >
> >
> > - joshy
> >
> > On Sat, Aug 12, 2000 at 09:51:14PM -0600, Robert L. Harris wrote:
> > >
> > >
> > > No it's not.
> > >
> > > With commercial ssh, sshd and the client set the $DISPLAY and then "tunnels"
> > > the X through the ssh connection. This is what I'm looking for.
> > >
> > >
> > > Thus spake Tomas (tomas at kahuna.clayton.edu):
> > >
> > > > I use ssh to log in and then I use xhost at my machine and set the display
> > > > manualy at the server (actually via a script). So does that mean the info
> > > > being sent to me is encrypted or not, and if not then is there away to have encrypted X!! networking?
> > > >
> > > > Tomas
> > > >
> > > >
> > > >
> > > >
> > > > On Sat, Aug 12, 2000 at 11:30:28PM -0400, Thompson Freeman wrote:
> > > > >
> > > > > Unless I'm sadly mistaken, I'm using openssh under RH6.2, and the DISPLAY
> > > > > variable gets set very nicely.
> > > > >
> > > > > On Sat, 12 Aug 2000, Robert L. Harris wrote:
> > > > >
> > > > > > Thus spake Joe Knapka (jknapka at earthlink.net):
> > > > > >
> > > > > > > Wandered Inn wrote:
> > > > > > > >
> > > > > > > > "Robert L. Harris" wrote:
> > > > > > > > >
> > > > > > > > > A number of things like xv, xterm, and very rarely netscape.
> > > > > > > >
> > > > > > > > Here's my call to nxterm from my primary machine (denali) to my work
> > > > > > > > machine (lhotse):
> > > > > > > >
> > > > > > > > ssh -l gamyers gamyers /usr/X11R6/bin/nxterm -ls -sb -sl 200 -si -sk -bg
> > > > > > > > DarkSlateGray -fg OldLace -T lhotse -n lhotse -display denali:0
> > > > > > >
> > > > > > > The problem with this is that, while the initial command to start the
> > > > > > > nxterm will be encrypted by ssh, the X packets between lhotse and
> > > > > > > denali will not, and thus are open to sniffing.
> > > > > > >
> > > > > > > SSH provides an automatic mechanism to securely forward an X
> > > > > > > session between the server and the client; older versions of
> > > > > > > SSH automatically set the DISPLAY variable to point to the
> > > > > > > forwarded port. That's what you meant, right, Robert?
> > > > > > >
> > > > > >
> > > > > > Exactly. Tunneling the Display through the tunnel. Can OpenSSH
> > > > > > do this?
> > > > > >
> > > > > > Robert
> > > > > >
> > > > > > :wq!
> > > > > > ---------------------------------------------------------------------------
> > > > > > Robert L. Harris | Micros~1 :
> > > > > > Senior System Engineer | For when quality, reliability
> > > > > > at RnD Consulting | and security just aren't
> > > > > > \_ that important!
> > > > > > DISCLAIMER:
> > > > > > These are MY OPINIONS ALONE. I speak for no-one else.
> > > > > > FYI:
> > > > > > perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> > > > > >
> > > > > > --
> > > > > > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> > > > > >
> > > > >
> > > > > --
> > > > > ===========================================
> > > > > The harder I work, the luckier I get.
> > > > > Lee Iocca
> > > > > ===========================================
> > > > > Thompson Freeman tfreeman at digichem.net
> > > > >
> > > > > --
> > > > > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> > > > --
> > > > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> > >
> > >
> > >
> > > :wq!
> > > ---------------------------------------------------------------------------
> > > Robert L. Harris | Micros~1 :
> > > Senior System Engineer | For when quality, reliability
> > > at RnD Consulting | and security just aren't
> > > \_ that important!
> > > DISCLAIMER:
> > > These are MY OPINIONS ALONE. I speak for no-one else.
> > > FYI:
> > > perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> > >
> > > --
> > > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
> >
> > --
> > Then in the end the love you take
> > is equal to the love you make
> > --
> > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
>
> :wq!
> ---------------------------------------------------------------------------
> Robert L. Harris | Micros~1 :
> Senior System Engineer | For when quality, reliability
> at RnD Consulting | and security just aren't
> \_ that important!
> DISCLAIMER:
> These are MY OPINIONS ALONE. I speak for no-one else.
> FYI:
> perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
>
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
--
*** Joseph Knapka ***
In any formula, constants (especially those obtained from handbooks)
are to be treated as variables.
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list